Documentation ¶
Index ¶
- func GetAESPrefixTransformer(config *AESConfig, fn BlockTransformerFunc, prefix string) (value.PrefixTransformer, error)
- func GetPrefixTransformers(config *ResourceConfig) ([]value.PrefixTransformer, error)
- func GetSecretboxPrefixTransformer(config *SecretboxConfig) (value.PrefixTransformer, error)
- func GetTransformerOverrides(filepath string) (map[schema.GroupResource]value.Transformer, error)
- func ParseEncryptionConfiguration(f io.Reader) (map[schema.GroupResource]value.Transformer, error)
- type AESConfig
- type BlockTransformerFunc
- type EncryptionConfig
- type IdentityConfig
- type Key
- type ProviderConfig
- type ResourceConfig
- type SecretboxConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAESPrefixTransformer ¶
func GetAESPrefixTransformer(config *AESConfig, fn BlockTransformerFunc, prefix string) (value.PrefixTransformer, error)
GetAESPrefixTransformer returns a prefix transformer from the provided configuration. Returns an AES transformer based on the provided prefix and block transformer.
func GetPrefixTransformers ¶
func GetPrefixTransformers(config *ResourceConfig) ([]value.PrefixTransformer, error)
GetPrefixTransformers constructs and returns the appropriate prefix transformers for the passed resource using its configuration.
func GetSecretboxPrefixTransformer ¶
func GetSecretboxPrefixTransformer(config *SecretboxConfig) (value.PrefixTransformer, error)
GetSecretboxPrefixTransformer returns a prefix transformer from the provided configuration
func GetTransformerOverrides ¶
func GetTransformerOverrides(filepath string) (map[schema.GroupResource]value.Transformer, error)
GetTransformerOverrides returns the transformer overrides by reading and parsing the encryption provider configuration file
func ParseEncryptionConfiguration ¶
func ParseEncryptionConfiguration(f io.Reader) (map[schema.GroupResource]value.Transformer, error)
ParseEncryptionConfiguration parses configuration data and returns the transformer overrides
Types ¶
type AESConfig ¶
type AESConfig struct {
	// keys is a list of keys to be used for creating the AES transformer.
	Keys []Key `json:"keys"`
}
AESConfig contains the API configuration for an AES transformer.
type BlockTransformerFunc ¶
type BlockTransformerFunc func(cipher.Block) value.Transformer
BlockTransformerFunc takes an AES cipher block and returns a value transformer.
type EncryptionConfig ¶
type EncryptionConfig struct {
	// kind is the type of configuration file.
	Kind string `json:"kind"`
	// apiVersion is the API version this file has to be parsed as.
	APIVersion string `json:"apiVersion"`
	// resources is a list containing resources, and their corresponding encryption providers.
	Resources []ResourceConfig `json:"resources"`
}
EncryptionConfig stores the complete configuration for encryption providers.
type IdentityConfig ¶
type IdentityConfig struct{}
IdentityConfig is an empty struct to allow identity transformer in provider configuration.
type Key ¶
type Key struct {
	// name is the name of the key to be used while storing data to disk.
	Name string `json:"name"`
	// secret is the actual AES key, encoded in base64. It has to be 16, 24 or 32 bytes long.
	Secret string `json:"secret"`
}
Key contains name and secret of the provided key for AES transformer.
type ProviderConfig ¶
type ProviderConfig struct {
	// aesgcm is the configuration for the AES-GCM transformer.
	AESGCM *AESConfig `json:"aesgcm,omitempty"`
	// aescbc is the configuration for the AES-CBC transformer.
	AESCBC *AESConfig `json:"aescbc,omitempty"`
	// secretbox is the configuration for the Secretbox based transformer.
	Secretbox *SecretboxConfig `json:"secretbox,omitempty"`
	// identity is the (empty) configuration for the identity transformer.
	Identity *IdentityConfig `json:"identity,omitempty"`
}
ProviderConfig stores the provided configuration for an encryption provider.
type ResourceConfig ¶
type ResourceConfig struct {
	// resources is a list of kubernetes resources which have to be encrypted.
	Resources []string `json:"resources"`
	// providers is a list of transformers to be used for reading and writing the resources to disk.
	// eg: aes, identity.
	Providers []ProviderConfig `json:"providers"`
}
ResourceConfig stores per resource configuration.
type SecretboxConfig ¶
type SecretboxConfig struct {
	// keys is a list of keys to be used for creating the Secretbox transformer.
	Keys []Key `json:"keys"`
}
SecretboxConfig contains the API configuration for a Secretbox transformer.
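The rule documented on Key (a base64 secret that decodes to 16, 24 or 32 bytes) can be checked before a configuration file is deployed. The following is an added example, not code from this package: the types are local mirrors of the ones on this page, `CheckAESKeys`, `SampleConfig` and `zero` are hypothetical names, and the input is assumed to be JSON so that only the standard library is needed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Local mirrors of the page's types; encoding/json matches keys case-insensitively, so tags are omitted.
type Key struct{ Name, Secret string }
type AESConfig struct{ Keys []Key }
type ProviderConfig struct{ AESGCM, AESCBC *AESConfig }
type ResourceConfig struct{ Providers []ProviderConfig }
type EncryptionConfig struct{ Resources []ResourceConfig }

// CheckAESKeys (hypothetical helper) reports AES keys whose secret is not base64 or
// not 16, 24 or 32 bytes long. Findings name the key, never the secret.
func CheckAESKeys(doc string) ([]string, error) {
	var cfg EncryptionConfig
	if err := json.Unmarshal([]byte(doc), &cfg); err != nil {
		return nil, err
	}
	var out []string
	for _, rc := range cfg.Resources {
		for _, p := range rc.Providers {
			for _, c := range []*AESConfig{p.AESGCM, p.AESCBC} {
				if c == nil {
					continue
				}
				for _, k := range c.Keys {
					raw, err := base64.StdEncoding.DecodeString(k.Secret)
					if err != nil {
						out = append(out, fmt.Sprintf("key %q: secret is not valid base64", k.Name))
					} else if n := len(raw); n != 16 && n != 24 && n != 32 {
						out = append(out, fmt.Sprintf("key %q: secret is %d bytes", k.Name, n))
					}
				}
			}
		}
	}
	return out, nil
}

// SampleConfig is constructed input: all-zero 32- and 20-byte keys and one non-base64 secret.
var zero = func(n int) string { return base64.StdEncoding.EncodeToString(make([]byte, n)) }
var SampleConfig = fmt.Sprintf(`{"resources":[{"resources":["secrets"],"providers":[
 {"aesgcm":{"keys":[{"name":"k1","secret":%q},{"name":"k2","secret":%q}]}},
 {"aescbc":{"keys":[{"name":"k3","secret":"not base64!"}]}}]}]}`, zero(32), zero(20))

func main() { fmt.Println(CheckAESKeys(SampleConfig)) }
```

Key `k1` passes; `k2` and `k3` are reported by name only, so the output is safe to write to a CI log.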